As the industry increases the use of mobile devices, security is becoming a growing concern because mobile devices are now used to store secure information (such as passwords, credit cards, and the like) and because mobile devices are now being used to access remote secure enterprise assets. Moreover, individuals desire to do more and more with their phones, electing to eliminate or do less and less with conventional computing devices. Still further, as processing migrates to mobile devices, viruses targeted to mobile platforms are on the rise.
Users have a variety of mechanisms that they use to ensure security is enforced on their mobile devices, such as their phones or tablets. One technique is to force a time out when there is inactivity on the device; the user must authenticate to unlock the timed out mobile device. This is generally done via a password or personal identification number (PIN).
Another approach is to password protect specific apps on the mobile device; but, in this case, it is usually the apps that must provide such functionality, as the operating system of the mobile device rarely provides such app-specific security. Additionally, users are less likely to implement security on a per-app basis, instead preferring security for the entire device via the traditional time out and re-authentication approach. There are usability issues associated with time outs.
When people use mobile devices, simple touch actions are best; user input via the keyboard is seen as a failure or a sign of bad design. Most tasks should be done via simple touch or touch and slide, not touch typing via a touch screen keyboard. This creates a problem for security because the device may need to have the user re-authenticate after a period of inactivity, using their password. This timeout can be set for a short or long period of time based on the “security” vs “ease of use” balance. Short timeouts are safer but a major inconvenience to the user; long timeouts have risks but offer a better user experience. For example, if there is a long timeout and the user sets the mobile device down, someone else could use it to access his resources without his permission or knowledge.